npm
3,969 tracked vulnerabilities.
CVE-2022-39300
HIGH
node-saml < 4.0.0 - Improper Verification of Cryptographic Signature
Oct 13, 2022
CVSS 7.7
EPSS 0.00
CVE-2022-39299
HIGH
passport-saml < 3.2.2 - Authentication Bypass via SAML Signature Verification Flaw
Oct 12, 2022
CVSS 7.4
EPSS 0.05
CVE-2022-37601
CRITICAL
webpack.js loader-utils <1.4.1 and >=2.0.0 <2.0.3 - Prototype Pollution via parseQuery Function
Oct 12, 2022
CVSS 9.8
EPSS 0.19
CVE-2022-37614
CRITICAL
mockery - Prototype Pollution via Key Variable in enable Function
Oct 12, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-37611
CRITICAL
gh-pages < 5.0.0 - Prototype Pollution via Partial Variable in util.js
Oct 12, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-40440
MEDIUM
mxGraph v4.2.2 - Cross-Site Scripting via setTooltips() Function
Oct 12, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-37617
CRITICAL
browserify-shim < 3.8.16 - Prototype Pollution via resolveShims Function
Oct 11, 2022
CVSS 9.8
EPSS 0.00
CVE-2022-37599
HIGH
webpack.js loader-utils 1.0.0-1.4.1 - Regular Expression Denial of Service in interpolateName Function
Oct 11, 2022
CVSS 7.5
EPSS 0.04
CVE-2022-41376
MEDIUM
Metro UI 4.4.0-4.5.0 - Reflected Cross-Site Scripting via JavaScript Function
Oct 11, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-37616
CRITICAL
xmldom < 0.8.3 - Prototype Pollution via p Variable in copy Function
Oct 11, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-39288
HIGH
fastify < 4.8.1 - Denial of Service via Malicious Content-Type Header
Oct 10, 2022
CVSS 7.5
EPSS 0.06
CVE-2022-39287
HIGH
tiny-csrf < 1.1.0 - Cleartext Transmission of Sensitive Information
Oct 07, 2022
CVSS 8.1
EPSS 0.00
CVE-2022-3423
HIGH
nocodb < 0.92.0 - Denial of Service via Resource Exhaustion
Oct 07, 2022
CVSS 7.3
EPSS 0.01
CVE-2022-40764
HIGH
Snyk CLI < 1.996.0 - OS Command Injection via vendor.json ignore field
Oct 03, 2022
CVSS 7.8
EPSS 0.03
CVE-2022-40277
HIGH
Joplin 2.8.8 - Remote Code Execution via Malicious Markdown Link Schema
Sep 30, 2022
CVSS 7.8
EPSS 0.00
CVE-2022-24373
MEDIUM
react-native-reanimated <3.0.0-rc.1 - ReDoS
Sep 30, 2022
CVSS 5.3
EPSS 0.01
CVE-2022-21222
MEDIUM
css-what < 2.1.3 - Regular Expression Denial of Service via Insecure Regular Expression in parse Function
Sep 30, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-39266
CRITICAL
isolated-vm < 4.3.6 - Sandbox Bypass via Untrusted CachedData
Sep 29, 2022
CVSS 9.6
EPSS 0.00
CVE-2022-39250
HIGH
Matrix JavaScript SDK <19.7.0 - XSS
Sep 29, 2022
CVSS 8.6
EPSS 0.00
CVE-2022-39251
HIGH
Matrix Client-Server SDK <19.7.0 - Open Redirect
Sep 28, 2022
CVSS 8.6
EPSS 0.00
CVE-2022-39249
HIGH
Matrix Client-Server SDK <19.7.0 - Info Disclosure
Sep 28, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-39236
MEDIUM
Matrix JavaScript SDK 17.1.0-19.7.0 - Improper Input Validation in Beacon Event Processing
Sep 28, 2022
CVSS 4.3
EPSS 0.01
CVE-2022-31367
HIGH
Strapi <3.6.10, <4.1.10 - Info Disclosure
Sep 27, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-21169
HIGH
express-xss-sanitizer < 1.1.3 - Prototype Pollution via allowedTags Attribute
Sep 26, 2022
CVSS 7.3
EPSS 0.01
CVE-2022-23461
MEDIUM
Jodit Editor 3.0.0-3.20.4 - Cross-Site Scripting via Pasting Specially Constructed Input
Sep 24, 2022
CVSS 5.4
EPSS 0.00
Products
openclaw 393
parse-server 92
n8n 62
directus 53
electron 48
flowise 48
next 47
vm2 32
hono 25
nocodb 25
axios 24
undici 22
ghost 21
vite 19
astro 17
ckeditor4 15
fuxa-server 15
jspdf 15
tar 15
joplin 14
nodebb 14
sequelize 14
tinymce 14
flowise-components 13
signalk-server 13
angular 12
dompurify 12
handlebars 12
jsrsasign 12
matrix-js-sdk 12